We have a separate SQL database that we need to pull information from into AX. Right now, we are using direct SQL calls from X++. I’m very nervous that it leaves us completely open to SQL injection attacks. Is there an alternative, or a good way to sanitize the data?
We are doing something like:
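// Static query text; no user input is concatenated here
sqlStatement = 'select * from customTable';
// Code access security: assert permission to run this exact statement
sqlStatementExecutePermission = new SqlStatementExecutePermission(sqlStatement);
sqlStatementExecutePermission.assert();
resultSet = statement.executeQuery(sqlStatement);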